Privacy and data

1. Data controller

Any personal data you provide to us is controlled by The TUC. We are registered as a data controller with the Information Commissioner's Office under reference Z8053646. If you have any queries about how we gather, and use your personal data then you can get in touch with our Data Protection Officer by post at: Data Protection Officer, Trades Union Congress (TUC), Congress House, Great Russell Street, London, WC1B 3LS. Or via email: info@tuc.org.uk.

2. Your rights over your data

You have a number of rights over how we gather and use your personal data. You have the rights to:

• be informed about the collection and use of your personal data (e.g. in this privacy notice);
• object to the processing of your data where we relying on our legitimate interests as the legal basis for processing;
• withdraw your consent for us to use your data at any time, where you have opted in to our data processing in the past;
• ask us to change incorrect or incomplete data we hold about you;
• ask us to delete your personal data where it is no longer necessary for us to use it, when you have withdrawn consent, or where we have no lawful basis for keeping it;
• ask us to restrict the personal data we use about you where you have asked for it to be deleted or where you have objected to our use of it;
• ask us to provide you or a third party with some of the personal data we hold about you in a structured, commonly used, electronic form, so it can be easily transferred;
• request access to a copy of your personal data, along with information on what personal data we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. You can make a request free of charge by contacting our Data Protection Officer in writing at the address above;
• not be subject to a decision based solely on automated processing, including profiling;
• make a complaint to us about how we have used your personal data.

To learn more about these rights please see the Information Commissioner’s Office website. If you would like to exercise any of these rights, please contact our Data Protection Officer using the details above. We will need to ask you to confirm your identity before we can deliver on a number of these rights. If you believe that we have not complied with your data protection rights, you can complain to the Information Commissioner’s Office (the regulator for privacy / data protection legislation). The Information Commissioner’s Office (ICO) can be contacted at: Information Commissioner’s House, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Tel: 0303 123 111.

3. What kinds of data do we collect?

We may collect a variety of personal data from you, as part of your interactions with us. This could include:

• Your IP address, and how you use our websites, messages or emails,
• Your name
• Contact details, phone number, email address, postal address,
• Your employer,
• Your membership of a trade union,
• Topics you tell us you are interested in,
• Details of campaigns you have supported,
• Responses to surveys and campaign actions you have completed,
• Comments you submit or publish with us,
• Photos or avatars you upload to our site.
• Attendance at events we organise.
• Profile information you submit, or your social media identities.

Our websites also make use of cookies, and you can find out more about this on our cookies policy page.

4. What we do with your data

We use your information under our legitimate interests to help us understand how our websites are effectively serving our users, and to make improvements. We use Google Analytics software on our website and app, and analytics in our email software (Campaign Monitor) and messaging platform (Intercom) to analyse our digital performance, or to assess the popularity of our campaigns. 

For more information on how we use your personal information in relation to Google Analytics, please view our cookie policy below. You can opt-out of the collection of information for such purposes at YourAdChoices. 

We use your information to fulfill any contract you make with us and supply you with the information or services that you want to use. This may include for example joining a mailing list, creating an account or personal profile page, recording your signature as part of a petition, or making a purchase. This also covers supporting you at one of our events, conferences and when you are nominated to be on one of our committees/working groups. We may also use your information to notify you about important changes or developments to the website or our services.

To provide you with these services, we may sometimes need to contact you. That would most likely be by email, but could be by post, telephone, instant message or SMS text message, depending on the situation. For example, we may contact you if it appears you are having problems creating an account, or to help fulfil an order you have made on our publications shop.We do not directly store your bank or credit card details ourselves, but instead use separate payment processors to take data and complete transactions on our behalf.

We collect and use personal information that you submit via our websites, based on your consent to use our services and receive contact from us. The information you provide will enable us to send you direct marketing and information regarding our campaigns, activities and services; or to contact you for your views on our services and participation in campaign activities.

If you join a mailing list or group that we operate, we will send you communications through the channels you have consented to / selected. This may include direct marketing updates by email, SMS, post, telephone or instant messaging. If you do not want us to continue to contact you by any of these means, please indicate this within your website account or let us know by e-mailing us at alerts@tuc.org.uk. Please note that we may not be able to continue providing particular services to you if you request that we do not contact you.

We store data on preferences that you submit to us, your usage of our emails or messages we send (such as what you open or click on in an email), or from campaign actions you take with us, to help us send you information that more closely matches your interests, or to follow up on issues you have been involved in.

We also use consent to process case studies you provide us with, or individual photos of you.We may also contact you, or permit selected third parties (such as the individual trade unions that are affiliated to the TUC) to contact you, by post, telephone, SMS text message and e-mail about other goods or services which you may be interested in. We’ll only do this if you have explicitly consented to it by ticking the relevant boxes on the forms we use to collect your data.

We may use some of your personal information to participate in Facebook’s Custom Audience and Lookalike Audience programs, which enable us to display adverts to existing supporters when they visit Facebook, or to others who share existing supporters' interests. We may provide your email address to Facebook so they can determine whether you are a registered account holder with them. Our adverts may then appear when you access Facebook. Some of your data is sent in an encrypted format that is deleted by Facebook (a) if it does not match with a Facebook account or (b) after they confirm you are a registered account holder. For more detailed information please see https://www.facebook.com/business/help/744354708981227 and Facebook’s data policy.

Sometimes we will be obliged to process your personal information due to legal obligations which are binding on us. We will only ever do so when strictly necessary.

We write news and stories about working people on our site, so it may be that we publish information that mentions you, or a picture that includes you in our site content. We will seek to get your consent to publish any case study content that identifies you personally, and you have the right to request we remove it at a later date. Contact our Data Protection Officer if you have concerns or questions about this.

5. How long do we keep your data?

The following retention periods apply for WorkSmart (unless otherwise stated)

Case study contact information is deleted 2 years after the individual first gave consent to use the case study.

Conference / event registration data is deleted 1 year after event has taken place. 

Emails / website account. We want to ensure you only hear from us if you still want to do so. You can unsubscribe from any email that we send, and we will remind you of your subscriptions every 2 years and how you may unsubscribe.

We aim to delete inactive accounts after five years if you haven’t logged in or taken activity with us in that time.

Invoices/payment data processed by TUC staff are retained for a maximum of 10 years.

General enquiries to the TUC (phone, email, letter) are deleted/destroyed 6 months after the TUC has responded.

6. Disclosing your information

We will not disclose your personal information to third parties unless we are required to do so by law, or unless we have your explicit consent.

Where you are giving consent for us to share your information with other organisations, such as our affiliated trade unions, to provide services or information to you, this will be made clear to you at the time.

You may of course choose to publish or share parts of your information with others by using our message boards, comment functions, your profile page and other sharing tools. You have control of any data you choose to publish or share using these platforms.

We may need to disclose your information to regulatory bodies, government bodies, or law enforcement agencies. This will be upon request only, and only when required to do so in order to satisfy legal obligations which are binding on us.

7. Storing your information and security

The information you provide to us via the Website will be stored and processed on servers based in the UK. However, in the course of our operations (including, without limitation, providing you with other Services, via SMS text message, message boards or in storing email and other communications between you and us) we may transfer your personal data to our service providers who are based outside of the European Economic Area (EEA). By submitting your personal data you agree that we may transfer, store and process your information outside of the European Economic Area. We will require our service providers who process your personal data to keep it safe and secure in accordance with the General Data Protection Regulations 2018.

We make use of the following data processor services not otherwise mentioned in this policy to deliver functionality as part of our services:

Oxford Web Applications (web development)
Control Shift Labs (campaign tools)
Dogooder (campaign tools)
Webflow (website publishing tools)
Campaign Monitor (email tools)
Mailchimp (email tools)
Intercom (messaging tools)
SurveyMonkey (survey tools)
Typeform (survey tools)
Jotform (survey tools)
Cloudflare (IP address based server security)
EventBrite (event management system)
Zoho (contact relationship management system)
Facebook (messages through our Facebook page and advertising)
Firebase (database)
DynamoDB (database)
Segment (app and web analytics)
Amplitude (app and web analytics)
Google Play store (app store)
Apple App store (app store)

We take all steps reasonably necessary to ensure your data is treated securely and in accordance with the General Data Protection Regulations 2018 and we employ security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. In particular, we use secure socket layer (SSL) encryption technology and have stringent internal procedures to ensure only those of our employees or contractors who require access to your data have access to it.

However, you acknowledge that communications sent via the Internet cannot be guaranteed to be completely secure.

8. Children’s data

We do not knowingly process data of any person under the age of 16. If we come to discover, or have reason to believe, that you are 15 and under and we are holding your personal information, we will delete that information within a reasonable period and withhold our services accordingly.

9. Changes to your personal information

If your personal information changes or you find that any of the information that we hold about you is inaccurate, please advise us of the relevant changes as soon as possible:

• by logging into our website and changing it yourself,
• by e-mail to alerts@tuc.org.uk or
• by post to Data Protection Officer, TUC, Congress House, Great Russell Street, London WC1B 3LS. Please clearly state any changes that you require.

10. Third party websites

All this only applies to websites and online services operated by the TUC. If you follow a link from one of our websites to one that’s operated by somebody else, you’ll no longer be covered by this policy.  We are not responsible for the collection of your personal data by those websites, so please make sure you check the privacy policy of any other site before you submit any personal data to them.

11. Changes to our privacy policy

We keep our privacy notices under regular review. Any changes to our privacy policy in the future will be posted to the website and, where appropriate, sent to you by e-mail notification.This policy was last updated 3 October 2019.